The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. For more information about EMET, click the following article number to view the article in the Microsoft Knowledge Base:
2458544 The Enhanced Mitigation Experience ToolkitWhen EMET mitigations are applied to certain software or certain kinds of software, compatibility issues may occur because the protected software behaves similarly to how an exploit would behave. This article describes the kind of software that usually presents compatibility issues with EMET’s mitigations and a list of products that exhibited compatibility issues with one or more of the mitigations that are offered by EMET.
Generic guidelinesEMET mitigations work at a very low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they are configured to be protected by using EMET. The following is a list of the kinds of software that should not be protected by using EMET:
- Anti-malware and intrusion prevention or detection software
- Software that handles digital rights management (DRM) technologies (that is, video games)
- Software that use anti-debugging, obfuscation, or hooking technologies
Additionally, EMET is intended to work together with desktop applications, and you should protect only those applications that receive or handle untrusted data. System and network services are also out-of-scope for EMET. Although it is technically possible to protect these services by using EMET, we do not advise you to do this.
Application compatibility listThe following is a list of specific products that have compatibility issues in regards to the mitigations that are offered by EMET. You must disable specific incompatible mitigations if you want to protect the product by using EMET. Be aware that this list takes into consideration the default settings for the latest version of the product. Compatibility issues may be introduced when you apply certain add-ins or additional components to the standard software.
|Product||EMET 4.1 Update 1||EMET 5.2||EMET 5.5 and newer|
|.NET 2.0/3.5||Export Address Filtering (EAF)/Import Address Filtering (IAF)||EAF/IAF||EAF/IAF|
|7-Zip Console/GUI/File Manager||(EAF)||EAF||EAF|
|AMD 62xx processors||EAF||EAF||EAF|
|Beyond Trust Power Broker||Not applicable||EAF, EAF+, Stack Pivot||EAF, EAF+, Stack Pivot|
|Certain AMD/ATI video drivers||System ASLR=AlwaysOn||System ASLR=AlwaysOn||System ASLR=AlwaysOn|
|Excel Power Query, Power View, Power Map and PowerPivot||EAF||EAF||EAF|
|Google Chrome||SEHOP*||SEHOP*||SEHOP*, EAF+|
|Google Talk||DEP, SEHOP*||DEP, SEHOP*||DEP, SEHOP*|
|Immidio Flex+||Not applicable||EAF||EAF|
|Microsoft Office Web Components (OWC)||System DEP=AlwaysOn||System DEP=AlwaysOn||System DEP=AlwaysOn|
|Microsoft Teams||SEHOP*||SEHOP*||SEHOP*, EAF+|
|Microsoft Word||Heapspray||Not applicable||Not applicable|
|Pitney Bowes Print Audit 6||SimExecFlow||SimExecFlow||SimExecFlow|
|Siebel CRM version is 126.96.36.199||SEHOP||SEHOP||SEHOP|
|SolarWinds Syslogd Manager||EAF||EAF||EAF|
|VLC Player 2.1.3+||SimExecFlow||Not applicable||Not applicable|
|Windows Media Player||MandatoryASLR, EAF, SEHOP*||MandatoryASLR, EAF, SEHOP*||MandatoryASLR, EAF, SEHOP*|
|Windows Photo Gallery||Caller||Not applicable||Not applicable|
* Only in Windows Vista and earlier versions
ǂ EMET mitigations might be incompatible with Oracle Java when they are run by using settings that reserve a large chunk of memory for the virtual machine (that is, by using the -Xms option).
Frequently asked questionsQ: What are the exploits for which CVEs have been blocked by EMET?
A: The following is a partial list of the CVEs for which the known exploits are successfully blocked by EMET at the time of discovery:
|CVE number||Product family|
|CVE-2007-5659||Adobe Reader, Adobe Acrobat|
|CVE-2009-0927||Adobe Reader, Adobe Acrobat|
|CVE-2009-4324||Adobe Reader, Adobe Acrobat|
|CVE-2010-0188||Adobe Reader, Adobe Acrobat|
|CVE-2010-1297||Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat|
|CVE-2010-2883||Adobe Reader, Adobe Acrobat|
|CVE-2010-3654||Adobe Flash Player|
|CVE-2011-0611||Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat|
|CVE-2012-0158||Office, SQL Server, Commerce Server, Visual FoxPro, Visual Basic|
|CVE-2012-0779||Adobe Flash Player|
|CVE-2013-0640||Adobe Reader, Adobe Acrobat|
|CVE-2013-5330||Adobe Flash Player, Adobe AIR|
|CVE-2014-0497||Adobe Flash Player|
|CVE-2015-0313||Adobe Flash Player|
Q: How do I uninstall Microsoft EMET 5.1 by using an MSIEXEC command or a registry command?
A: See the references in the following TechNet topic:
Q: How do I disable Watson Error Reporting (WER)?
A: See the references in the following Windows and Windows Server articles: